Beyond SSO: Dashlane’s CEO on Real-Time Credential Protection in the AI Era

Dashlane CEO John Bennett explains how AI is changing phishing and credential risk, as well as what security teams must do to stay ahead.

At this year’s RSAC Conference, one theme cut across nearly every security conversation: AI has changed the attack landscape faster than most organizations have changed their defenses.

In an interview with ISMG, Dashlane CEO John Bennett laid out a clear, grounded view of what’s happening right now and what security teams need to rethink next. Credential-based attacks are still the easiest way in. AI is making them faster, more convincing, and harder to detect. And many security programs are still relying on reactive controls that were designed for a different era.

Below are key moments from John’s conversation at the RSAC Conference, with video clips from the full interview hosted by ISMG.

The new phishing playbook, powered by AI

John points to a reality many security teams are now seeing firsthand: Phishing is no longer crude, easy to spot, or primarily email-based. AI has enabled attackers to generate highly contextual, real-time phishing experiences that adapt to the user and the moment.

At the same time, the way people work has shifted almost entirely to the browser. Authentication, SaaS access, internal tools, shadow IT—it all happens there. That combination creates a dangerous mismatch. Even organizations that have invested heavily in email security and traditional anti-phishing tools are finding that rule-based defenses can’t keep up with AI-driven attacks that evolve in real time.

John explains how Dashlane is applying AI differently by analyzing signals directly in the browser and detecting phishing attempts as they happen, not after credentials have already been stolen. Just as importantly, he emphasizes that this is done using confidential computing to avoid exposing sensitive browsing data: neither Dashlane, cloud providers, nor attackers can see user activity.

The takeaway is clear: Speed matters, and prevention has to happen at the moment of risk.

Credential risk is bigger than most teams realize

One of the most persistent misconceptions John addresses is the belief that SSO alone has “solved” credential security. While SSO is foundational, it doesn’t cover the full reality of modern environments.

Most organizations still rely on hundreds of apps that sit outside SSO, both sanctioned and unsanctioned. Add AI tools into the mix, often adopted faster than security teams can govern them, and the attack surface expands even further.

John shares a sobering internal data point: Across Dashlane’s anonymized customer telemetry, roughly 25% of credentials used in corporate environments are weak or compromised. That level of risk points to a systemic weakness, not a one-off scenario.

This is where the shift from traditional password management to proactive credential security becomes critical. Rather than waiting on user intervention or post-incident alerts, security teams need coverage that works automatically, across the entire workforce, from day one.

Work moved to the browser, but security hasn’t fully followed

A recurring theme in John’s interview is that many security architectures still reflect how work used to happen. The browser is now the front line, yet many controls remain upstream or downstream of where credentials are actually entered.

Attackers know this. They target login flows, lookalike domains, and real-time credential interception because that’s where defenders are weakest. AI has simply amplified those tactics.

John argues that modern credential security must live where risk occurs—inside the browser, at the moment of interaction—and must operate continuously, not just during setup or audits.

“Even if an enterprise has made a significant investment in email anti-phishing, there are now ways around that. Rule-based engines are not going to prevent this.”

John Bennett, CEO, Dashlane

AI is part of the problem and the solution

Rather than framing AI as purely a threat, John acknowledges its dual role. The same technologies enabling attackers to scale and personalize phishing are also enabling defenders to detect patterns and intervene instantly.

The difference comes down to how AI is applied and governed.

Dashlane’s approach centers on using AI models locally and within secure enclaves, ensuring predictions can be made without exposing sensitive user data. That focus on privacy and trust is critical if AI-driven security tools are going to be adopted broadly by employees.

As John puts it, the future of credential security depends on solutions that are both proactive and responsible by design.

AI agents are the next major credential risk

Perhaps the most forward-looking part of the conversation focuses on what’s coming next: AI agents operating inside browsers and apps.

To function, these agents will need access to credentials. Today, there are no widely accepted standards or controls governing how those credentials are stored, used, or revoked once handed off. That creates a massive blind spot for security teams.

John outlines a clear principle for the agentic future: Users must retain explicit control over their credentials at all times. Credentials should be usable by agents without ever being exposed to them and only for the specific actions the user approves.

This thinking underpins Dashlane’s Confidential AI Engine, an architectural layer designed to preserve privacy by default. It reflects a broader belief that trust, privacy, and control will matter more—not less—as AI becomes more embedded in daily work.

From reactive defense to proactive credential security

Across the interview, a consistent message emerges: Credential-based attacks remain the most reliable path into organizations, and AI has made them faster and more effective. Meanwhile, many defenses are still reactive, fragmented, or limited in scope.

The gap between how attacks happen and how security teams respond is widening, but it doesn’t have to.

Forward-looking organizations are already shifting their mindset from managing passwords to actively reducing credential risk, from delayed detection to real-time protection, and from implicit trust to explicit user control.

Watch the full interview with John Bennett

The complete conversation dives deeper into AI, credential security, and what CISOs should be thinking about next.
